register a user in converse.js to ejabberd server using javascript - ejabberd

how to register an user using converse.js to ejabberd from javascript instead of using register form of converse.js. I want to register the user using converse.js api instead doing it manually from the form. Please help me with your suggestions.

Converse.js supports XMPP-0077 in band registrations to allow users to manually register new accounts for themselves.
It should be possible to also do the same thing automatically/programmatically instead of expecting the user to do it.
However, you would need to write new code to do this.
Instead of letting the user specify their username and password, you would generate and then send those values to the XMPP server automatically with Javascript.
However, a better and more secure way would most likely be to do this server-side. Either by using a RESTful API provided by the XMPP server (some do, but not all), or by creating a server-side XMPP client which does the registration.

Related

Can eJabberd call an API if a roster contact does not exist?

Ejabberd newbie here. I hope this question makes sense.
We had a need to setup our own XMPP server so that customers on web and a Bria client can utilize it. I was able to get the basics up and running using ejabberd.
All users will be in the 'xmpp.exampledomain.com'
We also have a custom SMS gateway we built (which is really a server which can accept json APIs).
So what I am trying to accomplish:
Our platform would create a 'normal' xmpp user so the user can login to ejabberd.
This user can add roster contacts of other 'normal' xmpp users.
If this user wants to send messages via SMS, we would instruct them to add roster contacts (i assume) with the format 12125551234#sms.exampledomain.com. (adding the contact works currently)
If a user sends a message to this "SMS" contact, have ejabberd call our custom SMS gateway via a json API instead of attempting to deliver via normal xmpp.
Is this even possible?
For inbound from the SMS Gateway server, can call the ejabberd API send message function, so inbound is fairly easy.
I appreciate any suggestions
thanks
What you want was called a "transport" in the old days of IRC, ICQ, AIM and MSN. They were programs that you installed next to ejabberd (or other Jabber servers). Example usage:
you download a transport for ICQ
configure it to have access to ICQ,
and then configure ejabberd to connect to that transport, and allow users to contact it at address icq.example.com.
There are very old tutorials for your curiosity:
https://www.ejabberd.im/tutorials-transports/index.html
I don't know if the old "SMS-Jabber transports" will work nowadays. Searching revelaed few results:
https://www.jethrocarr.com/2013/06/03/smstoxmpp/
https://sourceforge.net/projects/jabbersms/
https://www.jabber.cz/wiki/SMS_transport
Alternatively, as you mentioned you already have a SMS program, if you can get your hands on Erlang or Elixir, you can write an ejabberd module that registers at sms.example.com, and forwards XMPP messages as json API...

Which authentication can be used for managing Box users through REST end points

I am working on an Identity management application, using which my goal is to manage users on Box application.
I was going through Box documentation, and there are two ways for authentication
OAuth 2.0, which has redirection URI as required parameter. And due to which I cannot make use of it, since I will not be able to enter username and password and Authorize dynamically using my Java code.
Reference: https://box-content.readme.io/reference#oauth-2
JWT authentication, this I can use in my code and successfully get Access token. But problem here is, this access token can only be used to manage App Users (who will not have login to Box website).
Reference: https://box-content.readme.io/docs/box-developer-edition
So, is there any other authentication mechanism which I can use for getting Access token for managing Box users?
Regards,
Sandeep
The current best option is #1 with a process like this:
Create a Box application with the 'Manage an Enterprise' scope enabled.
Use a web-based access token generator (such as this or this) to get an initial access/refresh token pair. Save these somewhere safe (flat file, DB).
Code your application to initialize itself with the access/refresh token pair from its saved location.
When the access/refresh token pair is refreshed, write them out to the save location.
If your application runs across multiple nodes/processes this approach will require some (painful) coordination between them. I believe Box is working on some improvements in this area, so you may not have to live with this for long.

Ejabberd give user registration access to only my clients

I am using ejabberd in my chat server and I am registering new users from android app.But when I give to full access to user registrations other clients can register new users.Example:Pidgin can register new user.How can I block them ? I just want to give access for only my clients.
You could try to modify the registration module to include a shared secret. This is not terribly secure, but it should somehow limit the risk of abuse. Make sure the traffic is also encrypted with TLS in that case, otherwise it will be pointless.

CAS Retrieve user attributes after log in

CAS can push the logged in user attributes to the client when using the SAML ticket validation. But if I use OAuth, is there another way that I can retrieve user attributes through a second call to the CAS server using the received accessToken? I think this should be possible as when a user is authenticated(eg. through facebook) the requested attributes are in CAS memory.
Yes, it's possible as the user's attributes are indeed stored in the CAS server. As explained in the documentation: https://wiki.jasig.org/display/CASUM/Configuration+for+the+OAuth+client+support+in+CAS+server+version+%3E%3D+3.5.1, you can define what OAuth attributes you want to retrieve exactly like for any other attribute repository. You can even recreate the user's profile on the CAS client application side.
Here is a working example: https://github.com/leleuj/cas-oauth-demo-3.5.x/blob/master/cas-oauth-client-demo-3.5.x/src/main/webapp/WEB-INF/deployerConfigContext.xml. You can also get the OAuth access token to perform additionnal operations...

Box API Login issue

how to make a login call using the Box API methods in my webservice?
I can only see a URL, that redirects to a Box login Page, where user needs to endter username and password, but this I need this as a webservice call.
Does anyone have done it usig API ?
Regards Sathish
You can find the full details here, but in short, you can set a callback URL for your app at http://www.box.com/developers/services that Box will send the authentication token to. You can set up your web service to receive the token there.
The way Box's authentication flow is designed is to prevent the need for users to provide 3rd parties (you in this case) with their credentials. The fact that there is no mechanism to authenticate a user by passing their credentials through a web service call is deliberate, and there is no straightforward work around I'm aware of (especially no such workaround that would be consistent with the terms of use of their API).
http://developers.box.com/get-started/#authenticating
There is a new authentication mechanism they have in the pipeline which will allow you to authenticate to a sandboxed folder for your application using a much simpler process. This is currently in private beta. This might fit the needs of what you are looking for once it is available.
http://developers.box.com/docs/#tokens